Rather than creating a full-blown desktop for each user, we can use Microsoft Remote Desktop Services, which allows a set of licensed users to connect to it simultaneously.
RDSH Workflow
Prerequisites for RDSH Server
- Microsoft RDSH License
- VM must be AD Joined
- Domain User with Administrator rights
Step 1. I’ve deployed a VM as shown
Step 2. Login to the VM and open Server Manager as shown
Step 3. Choose Remote Desktop Services installation
Step 4. Choose the session-based desktop deployment
Step 5. Choose our rdsh server from the list
Step 6. Choose Broker, Web Access and Session Host, and click Next to proceed
Step 7. On completion, reboot the VM
Step 8. Our server collection is shown
Step 9. RDP to a VM and login to the webUI https://rdshdesk.ash.local/RDWeb as any domain user
Step 10. A list of default published apps is shown here.
Step 11. A list of established user sessions appears here
Step 12. Additional apps can be made available to users from here.
Create SSL Certificate
Step 13. Certificates installed are available under Edit deployment properties
Step 14. No certificate has been installed as of now so let’s install one
Step 15. Open IIS Manager and go to Server certificates
Step 16. Click Create domain certificate
Step 17. Enter the details below
Step 18. Give the name of our certificate server
Step 19. Download the cert file, go back to the certificate tab, and replace the certificates one by one
Setup User Profile Disk with Remote Desktop Services
Step 1. To create an RDS user profile, let's create a new share
Step 2. Under the user profile disks section, give that path as shown \\DC1\RDS-Profiles
Step 3. We can specify which folders are stored in our RDS user profile
Step 4. Now if we go back to our folder, we can see that the RDSHServer01$ computer account has been added to the folder with full permissions
Step 5. A detailed look of NTFS permissions is as shown
Step 6. Under the folder name, we can see that a .vhdx file is created for each user as they log in
Step 7. Login as our RDSH User view-user02
Step 8. We can now see an additional file being created here. As more and more RDS users log in, we can see more of these disk files being created.
Step 9. The above file can't be opened as it's still mounted to the user
Step 10. For an admin to view the files under it, we will need to disconnect the user from our RDSH Server as shown
Step 11. Going back to the folder, we can now browse it as usual, and the disk will be mounted as a User-Disk
Step 12. To release the disk from admin computer, we will need to offline the disk
Step 13. Detach the VHD Disk
Step 14. Press OK to detach the disk
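The NTFS permissions seen in Steps 4 and 5 are worth auditing, because each .vhdx holds a user's whole profile. The following is an added example, not part of the original walkthrough: it flags any allowed principal on the profile share that is not on an expected list. The ASH domain prefix, the expected-principal list and the sample ACEs are assumptions constructed for illustration.

```powershell
# Added example: audit who can reach the User Profile Disk folder.
# Assumed names: the 'ASH' NetBIOS domain and the expected-principal list.
$Expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER',
    'ASH\RDSHServer01$'      # session host computer account (Step 4)
)

# Rights that allow changing or replacing a profile disk, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits that Get-Acl can return unmapped.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Find-UnexpectedUpdAccess {
    param(
        [Parameter(Mandatory)] [object[]] $Access,
        [string[]] $Allowed = $Expected
    )
    foreach ($ace in $Access) {
        # Deny entries only restrict access, so they are skipped.
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        $id = "$($ace.IdentityReference)"
        if ($Allowed -contains $id) { continue }
        [pscustomobject]@{
            Identity = $id
            Rights   = "$($ace.FileSystemRights)"
            CanWrite = [bool]([int]$ace.FileSystemRights -band $WriteMask)
        }
    }
}

# Constructed sample ACEs, shaped like (Get-Acl '\\DC1\RDS-Profiles').Access
$R = [System.Security.AccessControl.FileSystemRights]
$Sample = @(
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\SYSTEM';    FileSystemRights = $R::FullControl;    AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = $R::FullControl;    AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'ASH\RDSHServer01$';      FileSystemRights = $R::FullControl;    AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'ASH\Domain Users';       FileSystemRights = $R::Modify;         AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'Everyone';               FileSystemRights = $R::ReadAndExecute; AccessControlType = 'Allow' }
)

Find-UnexpectedUpdAccess -Access $Sample | Format-Table -AutoSize

# Against the live folder:
# Find-UnexpectedUpdAccess -Access (Get-Acl '\\DC1\RDS-Profiles').Access
```

This covers the NTFS ACL only; the SMB share permissions on the same folder are a separate list and need their own review.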
Configure Single Sign On Authentication in RD Web Access
When RDS users log in, they are still prompted for a password when establishing a connection to, for example, Office 365. With SSO, a user can sign in directly without being asked for a password.
Step 1. Go to IIS server and go to authentication
Step 2. Set Anonymous Authentication to Disabled
Step 3. Set Windows Authentication to Enabled
Step 4. Restart IIS service
Now we should be able to log in to our internal apps via SSO